diff --git a/apps/app/src/pages/forgot-password.vue b/apps/app/src/pages/forgot-password.vue
index 1bef2da0..7894d2f0 100644
--- a/apps/app/src/pages/forgot-password.vue
+++ b/apps/app/src/pages/forgot-password.vue
@@ -38,13 +38,22 @@ async function onSubmit(): Promise {
       email: email.value.trim(),
       app: 'app',
     })
+    done.value = true
   }
-  catch {
-    // Always show generic success (no email enumeration)
+  catch (error: unknown) {
+    const ax = error as { response?: { status?: number } }
+
+    if (ax.response?.status === 422) {
+      // Validation error — don't show success, let the user fix input
+      return
+    }
+
+    // For all other errors (404 user-not-found, network, etc.):
+    // show generic success to prevent email enumeration
+    done.value = true
   }
   finally {
     isSubmitting.value = false
-    done.value = true
   }
 }
diff --git a/apps/portal/src/pages/wachtwoord-vergeten.vue b/apps/portal/src/pages/wachtwoord-vergeten.vue
index 18ae00d2..a38051d1 100644
--- a/apps/portal/src/pages/wachtwoord-vergeten.vue
+++ b/apps/portal/src/pages/wachtwoord-vergeten.vue
@@ -27,13 +27,22 @@ async function onSubmit(): Promise {
   isSubmitting.value = true
   try {
     await apiClient.post('/auth/forgot-password', { email: email.value.trim(), app: 'portal' })
+    done.value = true
   }
-  catch {
-    // Always show generic success (no email enumeration)
+  catch (error: unknown) {
+    const ax = error as { response?: { status?: number } }
+
+    if (ax.response?.status === 422) {
+      // Validation error — don't show success, let the user fix input
+      return
+    }
+
+    // For all other errors (404 user-not-found, network, etc.):
+    // show generic success to prevent email enumeration
+    done.value = true
   }
   finally {
     isSubmitting.value = false
-    done.value = true
   }
 }
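Review bot: The new 422 branch in `catch` returns without setting any error state, so a validation rejection leaves the form silently unchanged — the comment promises to "let the user fix input", but nothing visible here tells them what to fix; unless a validation message is rendered elsewhere (not visible in this hunk), surface the server's validation message before the `return`. The cast `error as { response?: { status?: number } }` also throws a TypeError if a non-object is thrown (e.g. `throw null`), which would escape `onSubmit` instead of reaching the generic-success path; narrow first: `const status = typeof error === 'object' && error !== null ? (error as { response?: { status?: number } }).response?.status : undefined`. A transport failure (no `response` at all) cannot be an enumeration signal, so it could safely get a "try again" message instead of a false "check your inbox" — mapping it to success only hides a real outage from the user. The function header and the opening of `try` sit above the hunk.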
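Review bot: The enumeration defense this hunk relies on sits in the wrong layer: the new comment in `catch` says a 404 user-not-found response is mapped to success client-side, and if the backend really answers 404 for unknown addresses (inferred from that comment, not visible here) then `/auth/forgot-password` is itself the oracle and anyone calling the API directly bypasses this masking. The server should return the same 2xx for known and unknown addresses (and ideally comparable response time), leaving the client only the 422 case to special-case. This catch block is also byte-identical to the one added to apps/app/src/pages/forgot-password.vue in the same commit; a shared helper such as `if (isValidationError(error)) return` would keep the policy in one place when it changes. The `try` and the function header are above the hunk.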